From: Christian Ebner
To: Thomas Lamprecht, pbs-devel@lists.proxmox.com
Subject: Re: [PATCH proxmox-backup] pbs-config: refactor and move helper to detect config digest changes
Date: Tue, 7 Apr 2026 09:52:06 +0200
References: <20260402134110.848575-1-c.ebner@proxmox.com> <8b96cc02-af6d-4053-9d4b-acaffed953bc@proxmox.com>
In-Reply-To: <8b96cc02-af6d-4053-9d4b-acaffed953bc@proxmox.com>
List-Id: Proxmox Backup Server development discussion

On 4/5/26 10:37 AM, Thomas Lamprecht wrote: > On 02/04/2026 15:40, Christian Ebner wrote: [..] >> - } >> + pbs_config::detect_modified_configuration_file( >> + digest, >> + &crate::config::tfa::webauthn_config_digest(wa)?, > > The webauthn parsing was previously only done if there was an expected > digest sent along, now it's done unconditionally. It probably isn't a problem, > it should be valid and thus parseable anyway, and this is the only place > where we did not already parse upfront anyway. > > But that made me wonder if we could encapsulate that alongside the config > parsing directly, i.e., pass the config parse method the digest param as option > (or add a new fn like config_if_not_modified where it's not an option). > But probably not that much additional to gain with that, just wanted to put the > idea out there. Okay, can have a go at this once done with the encrypted push sync patches, thanks for the pointer. > >> + )?; >> >> if let Some(delete) = delete { >> for delete in delete { > >> diff --git a/src/tools/mod.rs b/src/tools/mod.rs >> index 6a975bde2..51d9ad777 100644 >> --- a/src/tools/mod.rs >> +++ b/src/tools/mod.rs 
>> @@ -29,19 +29,6 @@ pub fn assert_if_modified(digest1: &str, digest2: &str) -> Result<(), Error> { > > assert_if_modified has only one user left in src/api2/node/dns.rs, might be > worth to remove too now? Yes, sent a patch for this: https://lore.proxmox.com/pbs-devel/20260407075003.161713-1-c.ebner@proxmox.com/T/ > >> Ok(()) >> } >> >> -/// Detect modified configuration files >> -/// >> -/// This function fails with a reasonable error message if checksums do not match. >> -pub fn detect_modified_configuration_file( >> - digest1: &[u8; 32], >> - digest2: &[u8; 32], >> -) -> Result<(), Error> { >> - if digest1 != digest2 { >> - bail!("detected modified configuration - file changed by other user? Try again."); >> - } >> - Ok(()) >> -} >> - >> /// The default 2 hours are far too long for PBS >> pub const PROXMOX_BACKUP_TCP_KEEPALIVE_TIME: u32 = 120; >> pub const DEFAULT_USER_AGENT_STRING: &str = "proxmox-backup-client/1.0";
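
Review bot: at the webauthn call site, the argument `&crate::config::tfa::webauthn_config_digest(wa)?` is evaluated before detect_modified_configuration_file runs, so its `?` can return an error before the helper has decided whether there is anything to compare. If `digest` is still the optional value sent by the client, a request that carries no digest can now fail on digest computation alone. Consider computing the current digest only when a digest was supplied, for example by letting the helper take a closure for the current value, or note in the helper's doc comment that callers pay for the computation unconditionally.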
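
Review bot: the function removed from src/tools/mod.rs names its parameters `digest1` and `digest2`, which does not say which side is the caller-supplied value and which is the current state of the file, while the new call site passes `digest` first and the freshly computed digest second. In the moved pbs_config helper, name the parameters for their roles (for example expected and current) and carry over the doc comment about failing with a reasonable error message, so the argument order at call sites is documented rather than incidental.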